Attorney Docket 
No. 10397-1U1 

Express Mail Label > L47425 1 863US 



^ TITLE OF THE INVENTION 

SYSTEM AND METHOD FOR NETWORK ADMINISTRATION AND LOCAL 
ADMINISTRATION OF PRIVACY PROTECTION CRITERIA 

CROSS-REFERENCE TO RELATED APPLICATIONS 
5 This application claims the benefit of U.S. Provisional Application No. 60/264,382 

filed January 26, 2001, entitled "SYSTEM AND METHOD FOR NETWORK 
ADMINISTRATION AND LOCAL ADMINISTRATION OF PRIVACY PROTECTION 
CRITERIA." 

BACKGROUND OF THE INVENTION 

10 The interactive nature of the World Wide Web has proved to be a powerful 

marketing tool, allowing businesses and consumers to communicate on a one-to-one basis. A 
cookie file (also know simply as a "cookie") is a tool used on the web to facilitate and interpret 
this one-to-one interaction. Cookie files offer businesses the potential for more effective direct 
marketing of goods, services and information. For many e-businesses that operate over the 

15 Internet, cookie files are considered to be vital to the future success of on-line advertising and 
thus the generation of future business. 

A cookie file is a small file that is stored on an individual's computer. The cookie 
file allows a website to tag the browser of the individual's computer with a unique 
identification. When the individual visits the website, a server at the website requests a unique 

20 identifier from the browser of the individual's computer. If the unique identifier is not received, 
the server delivers one, in the form of a cookie file, to the individual's computer, where it is 
stored for future access by that particular server. 

Many cookie files used by on-line business actually benefit on-line computer users, 
such as by providing easy access to a website that an on-line computer user desires to interface 

25 with on a regular basis. Cookie files may be used by advertisers to avoid repeatedly showing 
the same advertisement (e.g., a banner) to the same on-line computer user. Additionally, cookie 
files make it easy for consumers to shop on their favorite websites. Once a consumer returns to 
a previously visited website where he or she purchased one or more items, the consumer can 
conveniently purchase additional items without having to re-enter his or her credit card number 
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or shipping address, assuming that the consumer is using the same computer and a cookie file 
was stored in it during the consumer's first visit. 

Cookie files are also used to track information about an on-line computer user's 
behavior. It is believed by many that cookie files invade a computer user's privacy because 
5 they reveal the user's identity and link it to the user's history of Internet usage. Thus, a cookie 
file may be used as a tool of surveillance by monitoring the computer user's browser and 
revealing website addresses that the computer user visits to the entity that "planted" the cookie 
file. Additionally, businesses that receive information obtained from using cookie files may 
share such information with other businesses. Thus a privacy issue may arise due to companies 

10 that abuse the technology of using cookie files. When linked to tracking databases, the storage 
of cookie files may reveal a particular person's most private information, such as their medical 
or financial history. Some companies further extend the privacy threat by cross-referencing 
cookie file identifiers with massive off-line marketing databases. 

Several software programs have been developed and are on the market for the 

15 purpose of screening cookie files. Internet Explorer and Netscape allow a computer user to set 
the computer's browser such that all received cookie files are either automatically accepted 
(enabled) or rejected (disabled). In another user selectable browser mode, the computer user is 
prompted for a decision every time an individual cookie file is received. 

There are software programs that let users create a profile of which types of cookie 

20 files they will accept. However, there is no guarantee that cookie files generated by companies 
with a history of abusing the use of cookie files will be screened out, nor is there a universal 
reference source for determining which cookie file sources should not be accepted. What is 
needed is a professional service that constantly researches and evaluates cookie file sources 
(e.g., websites), cookie files, consumer complaints and other statistical data, and develops and 

25 electronically distributes to subscribing computer users, on a periodic basis, a list of those 

cookie file sources that the service recommends should not be permitted to store cookie files in 
the subscribing user's computer. What is also needed is a user-friendly interface for enabling a 
user to easily and automatically modify the distributed list once it is received by the user's 
computer, such that the user may customize the list to meet his or her individual or 

30 organizational requirements. 
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. . SUMMARY OF THE INVENTION 

The present invention allows a user to screen cookie files to determine which cookie 
files should be stored in the user's client machine (e.g., computer) based on the professional 
recommendations of a service provider. Through a user-friendly interface, the user is able to 
5 modify the recommendations of the service provider as desired, by creating one or more 
exception lists. The exception lists indicate specific cookie file sources that the user has 
designated as being allowed or not being allowed to be stored in the user ! s client machine. A 
composite list is generated as a result of modifying the service provider's recommendations 
according to the user's exception lists. The composite list is used to determine which cookie 

10 files already stored in the client machine may remain and which should removed. 

A method of screening cookie files in a client machine in accordance with the 
present invention is now described. A server of a service provider that makes professional 
recommendations regarding the handling of cookie files receives a request to send a list of 
cookie file sources to the client machine. The request is received from an individual (a 

15 "subscriber") subscribing to services provided by the service provider. The individual is a user 
of the client machine. In response to the request, the server downloads the list of cookie file 
sources to the client machine. The downloaded list is used to detect cookie files received at the 
client machine from sources on the downloaded list. 

A first exception list may be created by the subscriber to include the identity of 

20 sources that are permitted to store cookie files in the client machine. The sources in the first 
exception list may or may not be included on the downloaded list. A second exception list may 
also be created to include the identity of sources that are not permitted to store cookie files in 
the client machine. The sources in the second exception list may or may not be included on the 
downloaded list. The professional service provider creates the downloaded list. The subscriber 

25 creates the first and second exception lists. The downloaded list may then be modified in 
accordance with the first and second exception lists where any cookie file. A separate 
composite list may be generated instead of modifying the downloaded list. The composite list 
may include the cookie file sources on the downloaded list, plus any cookie file sources on the 
first exception list, minus any cookie file sources on the second exception list that also appear 

30 on the downloaded list. Updates of the downloaded list may be received from the server on a 
periodic basis. Once the downloaded list is modified or a composite list is generated, the client 
machine may display a message indicating that a cookie file received from a source on the 
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downloaded list has been detected. Detected cookie files stored in the client machine may be 
removed. Detected cookie files may be prevented from being stored in the client machine. 

In an embodiment of the present invention, a first method of creating a composite 
list of cookie file sources in a client machine is now described. A first exception list is created. 
5 The first exception list includes the identity of sources that are permitted to store cookie files in 
the client machine. A second exception list is also created. The second exception list includes 
the identity of sources that are not permitted to store cookie files in the client machine. A 
master list of cookie file sources is received at the client machine from a service provider that 
makes professional recommendations regarding the handling of cookie files. The master list is 

10 then modified in accordance with the first and second exception lists. Thus, the composite list 
is the modified master list. Updates of the master list may be received from the service 
provider on a periodic basis. Stored cookie files received at the client machine from sources on 
the composite list may be removed. Cookie files received at the client machine from sources on 
the composite list may be prevented from being stored in the client machine. 

15 In another embodiment of the present invention, a second method of creating a 

composite list of cookie file sources in a client machine is now described. A master list of 
cookie file sources is received at the client machine from a service provider that makes 
professional recommendations regarding the handling of cookie files. Cookie file sources from 
the master list that correspond to one or more trusted cookie file sources listed in the client 

20 machine are deleted. Cookie file sources that correspond to one or more untrusted cookie file 
sources listed in the client machine are added to the master list. Cookie files stored in the client 
machine and which are received from sources on the composite list may be removed. Cookie 
files received at the client machine from sources on the composite list are prevented from being 
stored in the client machine. 

25 BRIEF DESCRIPTION OF THE DRAWINGS 

The following detailed description of preferred embodiments of the present 
invention would be better understood when read in conjunction with the appended drawings. 
For the purpose of illustrating the present invention, there are shown in the drawings 
embodiments which are presently preferred. However, the present invention is not limited to 
30 the precise arrangements and instrumentalities shown. In the drawings: 

FIG. 1 shows an arrangement of a privacy server and a client machine in accordance 
with the present invention; 
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FIG. 2 shows a data structure of a watch list on the privacy server in accordance 
with the present invention; 

FIG. 3 shows a high-level functional flowchart in accordance with the present 

invention; 

5 FIG. 4 shows a menu option allowing a user for updating privacy protection in 

accordance with the present invention; 

FIG. 5 shows an example of a logic table of a privacy scanning algorithm in 
accordance with the present invention; and 

FIG. 6.shows a user- friendly interface for modifying the watch list in accordance 
1 0 with the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 
Certain terminology is used herein for convenience only and is not to be taken as a 
limitation on the present invention. A "watchlist" or "watch list" or "master list" (hereinafter, 
"watch list") is a list containing privacy protection criteria (e.g., a list of cookie file sources that 

15 are not trusted as designated by the service provider) that is downloaded to a client machine 
from a server of a service provider that provides professional recommendations. A "trust list" 
or "trustlist" or "first exception list" or "personal trustlist" (hereafter, "trustlist"), also contains 
exemptions to the privacy protection criteria included in the watch list (e.g., a list of cookie file 
sources that are trusted as designated by the user of the client machine). A "black list" or 

20 "blacklist" or "second exception list" or "personal blacklist" (hereafter, "blacklist"), contains 
exemptions to the privacy protection criteria included in the watch list (e.g., a list of cookie file 
sources that are not trusted as designated by a user of the client machine). The criteria 
contained in the watch list is generated by the service provider. The criteria in the blacklist and 
trustlist is generated by the user of the client machine. Criteria in the blacklist and trustlist 

25 supercede the criteria in the watch list. A "composite list" (a modified version of the watch list) 
contains privacy protection criteria which is stored in the client machine. The composite list is 
created by subtracting exemptions on the trustlist (if any) from the criteria on the watch list and 
adding the remaining criteria to the exemptions on the blacklist (if any). A "cookie file source" 
is a website, an e-business or any other entity that sends cookie files. A "client machine" is an 

30 apparatus which generally works directly for users, providing computational power and 

other "general purpose" tools. A client machine also provides one or more users with access to 
stored files. A computer is an example of a client machine. 
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As shown in FIG. 1, the present invention begins with the use of a privacy server 10, 
which maintains a watch list 12 of privacy protection criteria (e.g., a list of untrusted cookie file 
sources) and sends over a network a local copy of the watch list 14 to client machine 20 in 
response to a request received from a subscribing user of client machine 20. Software resident 
5 in the client machine 20 may optionally contain two user-customized sets of supplemental 
privacy protection criteria to be used in conjunction with the watch list. The user-customized 
sets are called a blacklist and a trustlist which contain exemptions to the watch list and are 
stored in the client machine. In one preferred embodiment of the present invention, a 
composite list of privacy protection criteria may be created by subtracting exemptions on the 

10 trustlist from the watch list and adding exemptions on the black list to the remaining privacy 
protection criteria on the watch list. The composite list may be the same as the local copy of 
the watch list 14 after it has been modified, or the composite list may be a separate list stored in 
the client machine 20 along with the local copy of the watch list 14, the trustlist 16 and the 
blacklist 18. In an alternate embodiment, an algorithm (e.g., a software program) may be used 

15 to read the contents of the local copy of the watch list 14, the trustlist 16 and the blacklist 18, 
and screen cookie files without modifying any of the lists or adding an additional list. 

Three main objects are used by the present invention: the watch list 12, the trustlist 
16 and the blacklist 18. The watch list 12 is essentially a managed security list containing 
privacy protection criteria which is stored on the server 10. A local copy of the watch list 14 is 

20 distributed to the client machine 20 via a subscription process. The trustlist 16 and blacklist 18 
are maintained by the user on the client machine. Each of these three lists is made up of one or 
more uniform resource locators (URLs) which are used as privacy protection criteria. The 
client machine's software contains the user managed privacy data preferences and retrieves the 
managed watch list 12 from the server 10. The privacy data referenced above can take several 

25 forms, most commonly that of a web site, URL, or other cookie blocking or accepting criteria. 
The privacy data may take the form of a list of web sites for which the local storage of cookie 
files in the client machine is to be prohibited. The state management protocol of a cookie file 
may store unique or identifying information about the user, the user's session or the users' 
Internet account. 

30 The watch list 12 is a compilation of privacy protection criteria distributed to the 

client machine 20 from a central privacy server 10 over a network. The watch list 12 may 
include Internet sites, which may use cookie files to store unique or identifying information 
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about the client machine software user. The watch list 12 is maintained by a service provider 
and stored on an Internet accessible hypertext transfer protocol (HTTP) server 10. 

The trustlist 16 is a list of exemptions to the privacy protection criteria, which may 
or may not be included in the local copy of the watch list 14. The trustlist 16 may include 
5 Internet sites, which may use cookie files to store unique or identifying information about the 
client machine user. The trustlist is customized and maintained by the client machine user. It 
contains those Internet sites that the user trusts, and those sites are allowed to download their 
cookie files to the user's client machine. 

The blacklist 18 is a locally maintained list of privacy protection criteria to be 

10 merged with the local copy of the watch list 14. The blacklist 18 may include those Internet 
sites that should be blocked from creating cookie files to store unique or identifying 
information about the client machine software user. Like the trustlist 16, the blacklist 18 may 
also be customized and maintained by the client machine user. The blacklist 18 may include 
those Internet sites that the user does not trust, and the cookie files from those sites are removed 

1 5 from the user's client machine. 

In one preferred embodiment of the present invention, the composite list may be a 
combination of the local copy of the watch list 14, the trustlist 16 and the blacklist 18. The 
composite list begins with the same contents as the local copy of the watch list 14. Any privacy 
protection exemptions contained on the trustlist 16 that are also in the composite list are 

20 removed from the composite list. Next, any privacy protection exemptions in the blacklist 18 
that are not already on the composite list are added to the composite list. The composite list is 
then used as a master list of privacy protection criteria to be used to protect the client. 

FIG. 2 shows the data structure of the watch list 12 on the privacy server 10. The 
watch list is simply a collection of privacy protection criteria. In one preferred embodiment of 

25 the present invention, this privacy protection criteria takes the form of cookie files that may be 
rejected by the client machine 20. 

FIG. 3 shows a high-level functional flowchart that demonstrates the process of 
comparing data elements distributed to the client machine 20 to a locally created composite list 
of privacy protection criteria and determining which of those elements should be removed from 

30 the client machine 20. As shown in block 30, the service provider for privacy server 10 allows 
the client machine user to create and maintain an optional trustlist 16 on the client machine 20 
which contains privacy protection criteria that the user would like to remove from the local 
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copy of the watch list 14. As shown in block 40, the service provider also allows the client 
machine user to create and maintain an optional blacklist 18 which contains privacy protection 
criteria that the user would like to add to the local copy of the watch list 14. As shown in block 
50, the service provider employs an algorithm which quickly retrieves the most recent version 
5 of the watch list 12 from the privacy server 10. The watch list 12 is maintained on the privacy 
server 10 and contains a predefined set of privacy protection criteria, which the user of client 
machine 20 subscribes to. The client machine user may manually request at any time that the 
most up-to-date privacy protection criteria available be downloaded to the client machine 20 
from the privacy server 10. This process can also be run automatically by a software 

10 application at regularly scheduled intervals. 

As shown in FIG. 4, the client machine user may also be presented with a displayed 
alert that gives the user the option of updating the privacy protection criteria immediately. The 
client machine user can also select a future time (e.g., 5 days from today) at which the user is to 
be reminded to request that the local copy of the watch list 14 be updated. 

15 Referring again to FIG. 3, in block 60 the service provider employs a privacy scan 

algorithm to determine those unwanted cookie files that should be removed from the client 
machine. As shown in block 70, unwanted data cookie files are then removed from the client 
machine. 

Two distinct algorithms are employed to implement the present invention. A "quick 
20 update algorithm" is used to synchronize the local copy of the watch list 14 with the watch list 
12 stored on the privacy server 10. A "privacy scanning algorithm" is used to implement the 
privacy protection criteria included in the composite list. The privacy scanning algorithm 
detects unwanted cookie files and scrubs them from the client machine 20. 

The quick update algorithm will now be described. The client machine user 
25 subscribes to the service provider in order to receive the local copy of the watch list 14. If 
authentication is being used, when the client machine 20 connects to the server 10, 
authentication is performed to ensure that the client machine user is registered to receive watch 
list updates. If the user is properly registered, after authentication, an updated watch list is 
distributed to the client machine 20. If the user does not pass authentication, the update is not 
30 distributed. The service provider determines whether or not the quick update algorithm may be 
utilized with or without authentication. 
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Referring now to FIG. 5, the privacy scanning algorithm will now be described. 
The privacy scanning algorithm is employed to remove unwanted cookie files from the client 
machine 20. In order to do this successfully, the privacy scanning algorithm makes use of the 
following components of the client software: a watch list distributed from the server 10, a 
5 trustlist 16 and a blacklist 18. The privacy scanning algorithm compares the privacy protection 
data on the client machine 20 to that on the composite list compiled from the local copy of the 
watch list 14, the trustlist 16 and the blacklist 18. The privacy scanning algorithm determines 
which cookie files are to be removed (scrubbed) from the client machine 20 by analyzing the 
privacy protection criteria residing within the local copy of the watch list 14, the trustlist 16 and 
10 the blacklist 18. As depicted in the table shown in FIG. 5, if a cookie file is listed on the watch 
list, but not on the trustlist, the cookie file will be scrubbed or blocked. Any time that a cookie 
file appears on the trustlist, the cookie will be accepted by the client machine 20 regardless of 
whether or not it appears on the watch list. Any time that a cookie file appears on the blacklist, 
the cookie file will be scrubbed or blocked regardless of whether or not it appears on the watch 
1 5 list. The Privacy Scanning Algorithm may be carried out in either of two modes. The first is a 
continuous mode. In the continuous mode, the privacy scanning algorithm runs continuously 
and blocks unwanted cookie files from being downloaded to the client machine. The second is 
a periodic mode. In the periodic mode, the Privacy Scanning Algorithm is executed at a regular 
interval, specified by the user, to detect and remove unwanted cookie files from the client 
20 machine. 

FIG. 6 shows a user-friendly interface in accordance with the present invention 
which allows client machine users to personalize a trustlist 16 and blacklist 18. When either 
"Add New" button 80, 90, is clicked, the user is prompted to enter an Internet domain. The 
interface allows users to customize these two lists of Internet domains. The user can move a 

25 domain from one list to the other, delete a domain from either list, or add a domain to either list. 
In addition, the interface prevents an Internet domain from being placed on both the trustlist 16 
and the blacklist 18. FIG. 6 shows an example of the interface with the trustlist 16 and blacklist 
18 populated. Using this example, the following-domains will be trusted and the service 
provider will allow their cookie files to be downloaded to the client: www. ascenti ve. com , 

30 www.msn.com and www.dell.com . Also, based on this example, the following domains will 
not be allowed to download a cookie to the client: www.ebay.com , www.ediets.com and 
www.microsoft.com. 
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In addition to using a combination of a watch list, a trustlist and a blacklist to create 
a composite list for detecting unwanted cookie files on a client machine, a software application 
running on the client machine 20 in accordance with the present invention may provide further 
functionality to the user. This functionality may include the ability for the client machine user 
5 to manually launch the privacy scan, to manually retrieve the latest watch list from the server 
10, to customize the trustlist and blacklist, to view client cookie files, to select and manually 
delete cookie files, and to enable/disable privacy scanning. 

The present invention is capable of running on any hardware configuration that is 
used as part of today's technology. In order to retrieve the latest watch list and update the 

10 composite list used by the present invention, the client machine software must be able to 
connect to an HTTP server. 

The present invention is capable of working with any computer operating system. 
However, in today's modern marketplace, Microsoft Windows is the most commonly used 
computer operating system. Therefore, the present invention may be used with the Microsoft 

15 Windows operating system in the following versions: Windows 95, Windows 98, Windows 
Me, Windows NT and Windows 2000. In order to subscribe to the distributed watch list using 
the present invention's quick update functionality, the client machine software must have 
connectivity to the Internet. 

The present invention may be implemented with any combination of hardware and 

20 software. The present invention can be included in an article of manufacture (e.g., one or more 
computer program products) having, for instance, computer useable media. The media has 
embodied therein, for instance, computer readable program code means for providing and 
facilitating the mechanisms of the present invention. The article of manufacture can be 
included as part of a computer system or sold separately. 

25 It will be appreciated by those skilled in the art that changes could be made to the 

embodiments described above without departing from the broad inventive concept thereof. It is 
understood, therefore, that this invention is not limited to the particular embodiments disclosed, 
but it is intended to cover modifications within the spirit and scope of the present invention as 
defined by the appended claims. 
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